Data protection clause

WHO PROCESSES YOUR PERSONAL DATA?

The data processor of your personal data is «ERGO SEGUROS DE VIAJE (hereinafter, «ERGO»).

We have designated a person that shall be responsible for safeguarding your privacy at our company (the Data Protection Manager or “DPM”) before whom you may file any claim or request clarifications if you have any doubts or questions. You may contact the DPM at Av. Isla Graciosa, 1, 28703 San Sebastián de los Reyes, Madrid, Spain or by way of email: se.ejaivedsoruges-ogre@dpd

FOR WHAT PURPOSES IS YOUR PERSONAL DATA PROCESSED?

To comply with our obligations, and your personal data is processed, necessarily, in order to (i) comply with the applicable regulations, as well as (ii) the contracted insurance policies, by way of the adoption of automated decisions or by way of the creation of minimum profiles or studies in relation to each trip in order to establish the price of the insurance policy, or (iii) to respond to your requests for the contracting of said policies. (iv) Furthermore, your personal data is also processed in order to render your personal data anonymous in order to comply with the solvency obligations imposed under applicable regulations.

To notify you of our offers, to enhance the quality of our services and to provide you with a personalised service, provided that you are a customer and that you have provided us with your personal data. Furthermore, in said cases, subject always to your right of objection, to (i) forward to you commercial communications through any channel whatsoever in relation to the products marketed by our company (insurance products), within your reasonable expectations of privacy based upon your history of contracting insurance policies through us, (ii) create specific profiles with internal information in order to provide you with enhanced services (+Info in the section “profiles”), (iii) update your personal data and enhance said information with public data for commercial purposes and for the provision of enhanced customer services, (iv) or to create behavioural models through “pseudonymised” and anonymous data, that also enables us to adjust our services to your needs and interests at all times.

WHY IS YOUR PERSONAL DATA PROCESSED?

The mandatory data processing of your personal data is carried out in order to comply with applicable legal provisions and with the terms of your contracts or requests. Furthermore, the additional data processing of your personal data is carried out, if you are a customer or if you have accepted our data protection policy, based upon your consent, that you are able to revoke at any time whatsoever without any detriment whatsoever, or upon legitimate interests, considered in relation to your right to privacy. The forgoing consideration has been carried out in accordance with applicable law and with the criteria established by the data protection authorities, based upon the belief that, by means thereof, we are able to enhance the quality of our products and services to offer you more personalised services and to notify you of our offers.

WHO HAS ACCESS TO MY PERSONAL DATA?

Only ERGO has access to your personal data, unless you have provided us with your consent for the assignment thereof, or when said assignment of your personal data is imposed by legal requirements. Furthermore, the suppliers or providers of any service shall also receive your personal data, however the foregoing shall always be subject to contracts and guarantees, in accordance with the models approved by the data protection authorities. Our suppliers and providers of services include certain related-party companies, such as the travel assistance services of “DKV SERVICIOS, S.A.”, and of “EURO-CENTER HOLDING, S.E.” and “EURO-CENTER MADRID, S.A.”, a leading multinational within its sector, through which we provide travel assistance services throughout the world. In this case, and through EURO-CENTER, data exchanges may take place to foreign countries outside of the European Union, however the foregoing shall only be carried out at your request if you notify of the need for travel assistance, and only when strictly necessary, and only when you need to receive the medical assistance or other material services that you have contracted, so that we are able to comply with the terms of the insurance policy and fulfil said obligations. Moreover, occasionally, by means of the foregoing we shall protect your vital interests or that of the rest of the insured persons.

In the case of legitimate interest, for fraud prevention, or for internal administrative activities, or when you have consented thereto, your personal data may be assigned and provided to other branch offices of ERGO, or companies of the ERGO Group to which we belong.

On our web page you will find a list of the categories of suppliers and the companies that form part of our group.

HOW LONG WILL WE STORE YOUR PERSONAL DATA?

Unless you have provided your consent, we shall only store your personal data for the time during which you are a customer or during the period in which we have a commercial relationship with you. As from said moment in time, the data that shall be stored, exclusively as restricted information (that is to say, available to the corresponding authorities and in the legal interests of the company) shall be the minimum necessary data in relation to the operations and transactions carried out in order to act in relation to any claim, until the time-barring thereof. Normally the applicable periods are that of 10 years for the Prevention of Money Laundering Act, if applicable, and that of 5 years in order to manage the claims pursuant to travel insurance policies that include personal injuries to natural persons. After the foregoing periods have elapsed, the data shall be completely deleted and cancelled.

If you are not a customer and you have forwarded us an application for the contracting of an insurance policy, we shall store your personal data during the period in which the offer that has been provided to you remains valid, or, if no period of validity has been established, then for the legally applicable term.

WHAT ARE MY RIGHTS?

You have the right to access, rectify and delete your personal data, to object to the use thereof, to revoke your consents, as well as other rights provided for under applicable regulations, such as the right to the transfer of your personal data, the limitation of the data processing thereof, or to file a claim or complaint before the Data Protection Agency, or before our Data Protection Manager. Moreover, if automated decisions are adopted that affect you, you are always able to request the intervention of a natural person to review said decisions, and you may always object to any data processing, or revoke the consent thereto, without any detriment or prejudice to you whatsoever.

You may exercise your rights by forwarding us a letter together with a copy of your D.N.I. (National Identification Document), or equivalent official identification document, with the subject “PROTECCIÓN DE DATOS” to the following address: Avda. Isla Graciosa 1. 28703 San Sebastián de los Reyes, Madrid, Spain, or by way of email: se.ejaivedsoruges-ogre@dpd.

For more information, please read the document «Complementary information» that you can find in the section «Data Protection» of our web page www.ergo-segurosdeviaje.es